[MUSIC] Let's contrast the way that Android works from a security perspective from the way that a traditional desktop operating system works. So, what is fundamentally different? If you have to sum it up in one phase, it's that apps are people on Android and this is really a profound thing from security point of view that makes Android behave from a security perspective very differently from a traditional desktop environment. So, let's take a look at how this affects things. On Android, if I go and launch an app and let's say, we take a photograph with the camera and we touch it up in a photo editing program, similar to what we were doing in our desktop user example. So we launch our first app, which is a photo editor to touch up a photo and this is going to be our first app and it's going to access information on the device. Now, one of the immediate things that's different is that this app is going to be launched with its own user account. So the photo editor is going to have a photo editor user, it's a separate account that's associated with it. And what this means is that the photo editor has its own set of privileges and permissions that have been assigned to it, that aren't the default ones that are assigned to me as a user. Because even though I’ve launched that app, because I’ve launched it under my user account, it doesn’t mean that, that photo editor automatically gets all of my all of my permissions and capabilities. We want to restrict what that photo editor is able to do to only things that I, as the user want it to be able to do. So, it has its own photo editor user account that has been created when I installed that app and when I agreed to let it have certain permissions. So, what this means is the photo editor can access parts of the storage that are associated with the photo editor. So, we can think of our storage as being divided up. And so there's a region of that storage that assign to that photo editor and it can read, and write files to that region of the storage that's part of its private data or the area within the storage that's been sliced off for it. Similarly, if when I install this photo editor, I gave it permission to access the internet, then it's user account has a special permission associated with it that allows it go and access the Internet through the Wi-Fi or cellular network connected to the device. Where the model of security that has apps as people get really interesting is when we launch a second application. So let's say on Android, we launch a second application which is a web browser that we're going to view our edited image in, just like we did on the desktop. Now, where there's an immediate difference on how Android operates is what this web browser can access on the storage system. The web browser, if this was on the desktop would be able to just directly go and read this file that I had saved in the photo editor, because both applications would have been associated with my user account. And thus, they'd both have access to the same areas in the storage system. But on Android, because this web browser is going to run underneath its own user account, its web browser user, it can't directly access the files created by the photo editor, because the photo editor stuff is private. So, this is not allowed because this is private access. This is something that exists only for this photo editor user account. So, one of the immediate differences is that each app that I launch as a user does not automatically get the same permissions and capabilities as other apps. So I can't just launch a photo editor, save some data to the storage system of that in the private storage of that photo editor and then access it with the web browser, because they have separate user accounts and they have access to separate sets of files on the file system. Now, there are ways to get around this that we'll talk about and one of them, for example is saving images to the SD card on a device. But when we begin doing things like saving data to the SD card or to other places that other apps can access, we have to be conscious from a security point of view what the ramifications are of that. Now the important thing to remember is by default, Android wants each app to be its own user and to save data in its own private data storage system. By default, Android is segregating your app from other apps on the system to prevent them from stealing data from your apps or doing other malicious things.
